7 Replies Latest reply on Mar 30, 2012 9:07 AM by Jiunn LAM

    Reducing need for more Roles in RBAC



      I'll illustrate my question with a real life example.


      In addiition to the defaults I have specific Roles for server platform management, so a role for our Windows admins and a Role for our Unix admins. These Roles give them full access to their servers. The Unix role is associated in an ACL on the Unix Servers Group and as you would expect the Windows Role on the Windows Server Group.


      Now here comes the dilemma. The Windows Role is made up of members from 2 geographically separate teams, the 1st team is responsible for managing the Windows servers in the UK and the 2nd team for Windows servers in Ireland.


      One way to split user access to these Windows servers geographically is to split the original Windows Role into "Windows UK Role" and "Windows Ireland Role".


      Is there any way to do this without having to split roles in this way?